IN THE CLAIMS: 



What is claimed is: 

1. (Currently Amended) A method in a data processing system for automatically
configuring IP security tunnels, said method comprising the steps of: 

exchanging identification data with a remote computer system; 

determining, based on the identification data, whether a predefined security policy exists 
corresponding to the remote computer system; 

establishing selecting a security policy specification format capable of being utilized by a
plurality of different operating systems and a plurality of different machine types if a predefined
security policy is absent; and

defining a configuration of an IP security tunnel between the data processing system and 
the remote computer system utilizing said security policy specification format. 

2. (Currently Amended) The method according to claim 1, further comprising:

establishing a security policy specification format capable of being utilized by a plurality
of different operating systems and a plurality of different machine types; and

the step of establishing said security policy specification format as a DTD file.

3. (Original) The method according to claim 2, further comprising the step of including a 
plurality of different elements in said DTD file, each of said plurality of different elements being 
utilized to configure an IP security tunnel. 

4. (Previously Presented) The method according to claim 3, further comprising the steps of:

generating an XML file utilizing a plurality of said plurality of different elements
included within said DTD file; and

processing said XML file to automatically configure an IP security tunnel. 

5. (Original) The method according to claim 1, further comprising the step of including a 
root element in said security policy specification format. 

6. (Original) The method according to claim 1, further comprising the step of establishing a
protection element in said security policy specification format, said protection element including 
a listing of IKE transforms. 

7. (Original) The method according to claim 1, further comprising the step of establishing a 
transform element in said security policy specification format. 

8. (Original) The method according to claim 1, further comprising the step of establishing a 
group element in said security policy specification format. 

9. (Original) The method according to claim 1, further comprising the step of establishing 
an identification element in said security policy specification format. 

10. (Original) The method according to claim 1, further comprising the step of establishing a 
tunnel element in said security policy specification format. 

11. (Original) The method according to claim 1, further comprising the step of establishing a 
root element, a protection element, a transform element, a group element, an identification 
element, a tunnel element, a local/remote identify element, an ID type element, an ID definition 
element, a pre-shared key element, an IPsec proposal element, an IPsec ESP protocol element, an 
IPsec authentication header element, and an IPsec protection element in said security policy 
specification format. 

12. (Original) The method according to claim 1, further comprising the step of automatically 
configuring an IP security tunnel utilizing said security policy specification format. 

13. (Original) The method according to claim 1, further comprising the step of comparing a 
first IP security tunnel to a second IP security tunnel utilizing a first security policy specification 
format that is associated with said first IP security tunnel and a second security policy 
specification format that is associated with a second IP security tunnel.

14. (Currently Amended) A computer program product comprising:

a computer usable medium having computer usable program code for defining a 
configuration of IP security tunnels, comprising: 

computer usable program code for exchanging identification data with a remote computer
system;

computer usable program code for determining, based on the identification data, whether 
a predefined security policy exists corresponding to the remote computer system; 

computer usable program code for establishing selecting a security policy specification
format capable of being utilized by a plurality of different operating systems and a plurality of
different machine types if a predefined security policy is absent;

computer usable program code for automatically configuring an IP security tunnel 
between the data processing system and the remote computer system utilizing said security policy 
specification format. 

15. (Currently Amended) The product according to claim 14, further comprising:

computer usable program code for establishing a security policy specification format
capable of being utilized by a plurality of different operating systems and a plurality of different
machine types; and

computer usable program code for establishing said security policy specification format 
as a DTD file. 

16. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for including a plurality of different elements in said DTD file, each of said 
plurality of different elements being utilized to configure an IP security tunnel. 

17. (Previously Presented) The product according to claim 16, further comprising:

computer usable program code for generating an XML file utilizing a plurality of said
plurality of different elements included within said DTD file; and

computer usable program code for processing said XML file to automatically configure 
an IP security tunnel. 



Page 4 of 25 
Batra et al. - 09/935,395 



18. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for including a root element in said security policy specification format. 

19. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for establishing a protection element in said security policy specification 
format, said protection element including a listing of IKE transforms. 

20. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for establishing a transform element in said security policy specification 
format. 

21. (Previously Presented) The product according to claim 14, further comprising computer
usable program code for establishing a group element in said security policy specification format. 

22. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for establishing an identification element in said security policy 
specification format. 

23. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for establishing a tunnel element in said security policy specification 
format. 

24. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for establishing a root element, a protection element, a transform element, 
a group element, an identification element, a tunnel element, a local/remote identify element, an 
ID type element, an ID definition element, a pre-shared key element, an IPsec proposal element, 
an IPsec ESP protocol element, an IPsec authentication header element, and an IPsec protection 
element in said security policy specification format. 

25. (Previously Presented) The product according to claim 14, further comprising computer
usable program code for automatically configuring an IP security tunnel utilizing said security 
policy specification format. 

26. (Previously Presented) The product according to claim 14, further comprising computer 
usable program code for comparing a first IP security tunnel to a second IP security tunnel 
utilizing a first security policy specification format that is associated with said first IP security 
tunnel and a second security policy specification format that is associated with a second IP 
security tunnel. 

27. (Currently Amended) A data processing system for automatically configuring IP security 
tunnels, comprising: 

a computer; 

a computer readable medium containing computer readable instructions, wherein the 
computer executes the computer readable instructions to exchange identification data with a 
remote computer system; determine whether a predefined security policy exists corresponding to 
the remote computer system; and select a security policy specification format capable of being 
utilized by a plurality of different operating systems and a plurality of different machine types if a 
predefined security policy is absent; and

said system for automatically configuring an IP security tunnel between the data 
processing system and the remote computer system utilizing said security policy specification 
format. 

28. (Currently Amended) The system according to claim 27, further comprising: 

a security policy specification format capable of being utilized by a plurality of different 
operating systems and a plurality of different machine types being established; and 
said security policy specification format being established as a DTD file. 

29. (Original) The system according to claim 28, further comprising a plurality of different 
elements being included in said DTD file, each of said plurality of different elements being 
utilized to configure an IP security tunnel. 

30. (Previously Presented) The system according to claim 29, further comprising:

an XML file being generated utilizing a plurality of said plurality of different elements 
included within said DTD file; and 

said system for processing said XML file to automatically configure an IP security tunnel. 

31. (Original) The system according to claim 27, further comprising a root element being
included in said security policy specification format. 

32. (Original) The system according to claim 27, further comprising a protection element 
being included in said security policy specification format, said protection element including a 
listing of IKE transforms. 

33. (Original) The system according to claim 27, further comprising a transform element 
being included in said security policy specification format. 

34. (Original) The system according to claim 27, further comprising a group element being 
included in said security policy specification format. 

35. (Original) The system according to claim 27, further comprising an identification 
element being included in said security policy specification format. 

36. (Original) The system according to claim 27, further comprising a tunnel element being 
included in said security policy specification format. 

37. (Original) The system according to claim 27, further comprising a root element, a 
protection element, a transform element, a group element, an identification element, a tunnel 
element, a local/remote identify element, an ID type element, an ID definition element, a
pre-shared key element, an IPsec proposal element, an IPsec ESP protocol element, an IPsec
authentication header element, and an IPsec protection element being included in said security 
policy specification format. 

38. (Original) The system according to claim 27, further comprising said system for
automatically configuring an IP security tunnel utilizing said security policy specification format. 

39. (Original) The system according to claim 27, further comprising said system for 
comparing a first IP security tunnel to a second IP security tunnel utilizing a first security policy 
specification format that is associated with said first IP security tunnel and a second security 
policy specification format that is associated with a second IP security tunnel. 